MCLOGs ETW trace issues

There are various issues widely reported when the trace process runs with excessive I/O (reads/writes) to the ...\ProgramData\McAfee\MCLOGS\ETW\mclogs.etl, and worse, it's of considerable duration. On my system it interferes with other processes; for example, it blocks MIDI input via a usbmidi device while it's running.

1. Is this trace necessary?

2. Can it be suppressed? Or

3. Since many have reported issues, is there a fix or a workaround?

Re: MCLOGs ETW trace issues

Thanks for the reply but... It hasn't happened for a while and when it does it's easy to detect via the resource monitor on high disk activity, which is the symptom it's running, and I found a workaround which cancels the trace.

Before I download & run any tools with which I'm not familiar, I've got 3 questions:

1. Exactly what is the purpose of the exercise?

2. How will this help?

Last:

3. Is there a simple direct way to determine if extended log collection is enabled, or is this a McAfee internal only revealed by support tools?

Forgive my reticence, but past experience gives me pause, no software is perfect, and the info would be helpful since at the moment there's no urgency.

Re: MCLOGs ETW trace issues

Thank you Selvan, I have a printed copy of the first article; the second is highly illuminating. It definitely indicates that the tool should be used with caution, for specific scenarios, and has the potential to change the state of the system, which if not properly restored could have a negative impact, for example a failure to disable verbose logging if enabled for a session.

Moreover the original issue doesn't appear to conform to any of the scenarios as it concerns the ETW trace performance, and I'm not sure of the relevance of this tool for this issue. Further, to suggest arbitrarily running this tool without prior expertise or very precise steps to be taken in the context of a specific issue, which in this case may not be appropriate, seems to me extremely ill-advised.

In light of this I'm grateful you gave the reference to the second article...

Re: MCLOGs ETW trace issues

Generally, we in Tech Support make extensive use of log collection tools to troubleshoot an unknown issue. The logs collected will help us to narrow down the root cause of a problem. The general practice here is to disable the tools and/or changes that were made to the PC post troubleshooting. On that note, do you recall working with Tech Support earlier? It will help us understand the situation better.

Re: MCLOGs ETW trace issues

Thank you Selvan, I do appreciate the necessity for logs, having used them for troubleshooting in a professional capacity many, many moons ago! Any McAfee Tech Support help received earlier did not require any tool use, or to provide any logs.

As previously mentioned, for this "particular issue", the ETW trace itself, it is not clear what steps precisely, pre and post troubleshooting, should be taken. For example on the main screen there are 3 options, which one should be selected, Trace? This would be a first time run on a 64-bit w10 system, will it prompt a reboot? Is verbose logging on by default or is this an artifact of the issue? And so on...

Regardless, as previously mentioned, I found a workaround which cancels the ETW trace, when I detect it during the course of other activities engaged in, that the ETW trace interferes with.

Issues with this ETW trace have been widely reported and should be able to be independently investigated without any logs I could provide, and as at the moment there's no urgency, I have no intention to arbitrarily run this tool on my system with any potential risks it might involve.